This post was originally published here by Jeff Baumgarten.
Everyone from Deloitte to Ad Age to Forbes and many more are talking about why CMOs should care about cybersecurity and become more involved in the overall strategy. That makes sense as security moves beyond the purview of IT and becomes more of a board-level issue.
Having seen cybersecurity from publicly-traded company and venture-backed perspectives, I wanted to share some hints and tips with my fellow marketing leaders.
While some recommend CMOs become cybersecurity experts, laying out extensive process around it, that's just beyond the capability and simple time demands of most of you. So where should you start?
4 Key Focus Areas for CMOs
One of the best articles I've seen to date, from CMO magazine in Australia, lays out 4 key things on which to focus:
- Give attention in advance to the possible customer impact of breaches.
- Think about your own brand value impacts from cybersecurity incidents.
- See a more secure business as a way to attract more customers.
- Develop relationships and a common language with your security team.
Of the above, the first three are really mindset approaches that you'll likely be able to get your arms around by giving the required time and attention with your own team, other customer-facing organizations, and your executive leadership team.
Number four is likely the most critical to getting a handle on your cybersecurity strategy. But you'll likely need to do some homework. It's no different than when you take your first trip to someplace like Italy - it helps to read up a bit in advance.
Cybersecurity 101 for CMOs
Fortunately, there are some "Rosetta Stone" guides before you go on your excursion if you've never been to Cyber-Milan before, all well-reviewed on Amazon:
- Cybersecurity: The Ultimate Beginners Guide is only 42 pages and really a good place to start for the time-crunched - it lays out a quick foundation on cybersecurity.
- A more detailed (and longer) good intro: Cybersecurity for Beginners.
- The Cybersecurity to English Dictionary is a companion book to either of the above - a terminology guide for cybersecurity.
So once you have your basic "language" structure down with an idea of some of the very basic concepts and terms of cybersecurity, you'll want to get comfortable with the culture and some of the more common phrases before diving in.
I'd suggest you start with what is currently top of mind for most cybersecurity practitioners and executives - cloud security. According to Cybersecurity Insiders' 2018 Cloud Security Survey, 90% of security pros are concerned about cloud security, way up vs. 2017. In fact, 62% say their biggest threat is misconfigured cloud services.
For simplicity, when we're talking about public cloud (Infrastructure as a Service) where your engineers have built the apps that your company delivers to your customers, we're generally talking about Amazon Web Services, or AWS. They're the 800 pound gorilla; as Synergy Research Group states, they're in a league of their own.
But why is cloud security such a big concern when Amazon (like Microsoft, Google, and the other major cloud service providers) spends hundreds of millions of dollars on security and has thousands of security experts around the globe working 24/7 to keep their cloud safe? (And they're very good at it.)
It starts with what Amazon calls the Shared Responsibility Model. As shown below, AWS is responsible for the security "of" the cloud, and your company as an AWS customer is responsible for security "in" the cloud. As you can see, there's a lot to be concerned about "in" the cloud - and it has to be managed differently than the legacy security approaches of the data center, virtual-machine world that predominated even a couple of years ago.
Now, many of you, particularly technology startups like CloudPassage, are cloud native, so have always had a cloud-based security approach. Yet, the scale and speed at which anyone in your company can consume services for free or by swiping a credit card massively expands what is called the "attack surface". And, the speed at which AWS releases new services to your dev teams is staggering, making it difficult for your security teams to keep up. (For example, AWS released almost 500 new services and features in just one recent quarter.)
To learn more about the basics of Cloud Security, I highly recommend grabbing a free 7 day trial to Cloud Academy and taking their fine video course on AWS Security Fundamentals. It's just over an hour and is awesome for beginners. (If you want a sub-101 level course to start with, check out their course What Is Cloud Computing?)
Ok, at this point, you may feel good about some language skills, and know some key Cyber-Italian phrases. So, it's time to take your new knowledge down to the local Italian restaurant (you know, the real authentic one where the Nonna is in the back making the meatballs). You can do it by setting up an AWS account and using an honest to goodness cloud security tool on an AWS cloud storage service. (It's easier than it sounds - some of the least technical folks on my Growth team gave this a whirl and found it easier than they thought as well as educational. Trust me, if you can handle Google Analytics and Marketo this will be a breeze.)
How to set up an AWS Account
- Open your own free AWS account.
- Set up a Simple Storage (S3) bucket (like Dropbox or Box on steroids) and upload some files into it.
- Go to cloudpassage.com/freetrial. Follow the prompts to set up your AWS account in our product Halo Cloud Secure.
- See your risks and threats on the Cloud Secure dashboard.
- Pat yourself on the back.
That's it. You've gone beyond passing the annual pain-in-the-rear security training (yes, even here at a security company we moan about having to do that and our CISO has to stay after us to get it done).
Now you still know 99% less than your cybersecurity team, but they'll appreciate all the questions and insight you now have, and the effort you put in to understanding their world - which is a profoundly difficult one to live in, by the way. In any case, I hope this gives you a better idea about why CMOs should care about cybersecurity, as it is now everyone's responsibility, from the top down.
I would love to hear from you what you're doing to keep on top of cybersecurity issues - and how your discussions with your cybersecurity partners are going - it would make a great follow-up post in the near future. You can reach me at jbaumgarten@cloudpassage.com.
In the meantime, I'd invite you to take a look at the 2018 Cloud Security Report mentioned above. It's a great read, packed with visuals and stats on overall cloud adoption and vendor trends that you'll find intriguing.
Photo: The Great Courses